[kokoro] testing: use secrets manager (#3857)
busunkim96 authored May 22, 2020
1 parent a3a1e40 commit 79b0d63
Showing 5 changed files with 12 additions and 15 deletions.
2 changes: 1 addition & 1 deletion .kokoro/lint/common.cfg
Expand Up @@ -17,7 +17,7 @@
# Configure the docker image for kokoro-trampoline.
env_vars: {
key: "TRAMPOLINE_IMAGE"
value: "gcr.io/cloud-devrel-kokoro-resources/python"
value: "gcr.io/cloud-devrel-kokoro-resources/python-samples-testing-docker"
}

# Download trampoline resources.
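Review bot: The `TRAMPOLINE_IMAGE` value names the container image without a tag or digest, so every build pulls whatever the registry currently serves under the default tag. Pinning the reference to a digest would make the build environment reproducible and turn image changes into reviewable commits, e.g. `value: "gcr.io/cloud-devrel-kokoro-resources/python-samples-testing-docker@sha256:<DIGEST_PLACEHOLDER>"`. The rest of the `env_vars` configuration lies outside this hunk.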
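--- a/.kokoro/tests/run_tests.sh
+++ b/.kokoro/tests/run_tests.sh
@@ -37,9 +37,11 @@ cd github/python-docs-samples
 # install nox for testing
 pip install -q nox
 
-# Unencrypt and extract secrets
-SECRETS_PASSWORD=$(cat "${KOKORO_GFILE_DIR}/secrets-password.txt")
-./scripts/decrypt-secrets.sh "${SECRETS_PASSWORD}"
+# Use secrets acessor service account to get secrets
+gcloud auth activate-service-account \
+--key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \
+--project="cloud-devrel-kokoro-resources"
+./scripts/decrypt-secrets.sh
 
 source ./testing/test-env.sh
 export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/testing/service-account.json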
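Review bot: After `gcloud auth activate-service-account` the secrets viewer account stays the active gcloud credential for everything that runs later in this script, including the test sessions, although only `./scripts/decrypt-secrets.sh` needs it. Consider dropping it once the secrets are on disk, e.g. `gcloud auth revoke` right after the decrypt call, assuming nothing later relies on that gcloud login (not visible in this hunk). Whether the script runs under `set -e` is also outside the hunk; if it does not, a failed activation or fetch falls through to `source ./testing/test-env.sh`, so `./scripts/decrypt-secrets.sh || exit 1` would be a useful guard. The new comment also has a typo and should read `# Use secrets accessor service account to get secrets`.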
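--- a/scripts/decrypt-secrets.sh
+++ b/scripts/decrypt-secrets.sh
@@ -20,7 +20,6 @@ ROOT=$( dirname "$DIR" )
 # Work from the project root.
 cd $ROOT
 
-openssl aes-256-cbc -k "$1" -md sha256 \
--in testing/secrets.tar.enc -out secrets.tar -d
-tar xvf secrets.tar
-rm secrets.tar
+gcloud secrets versions access latest --secret="python-docs-samples-test-env" > testing/test-env.sh
+gcloud secrets versions access latest --secret="python-docs-samples-service-account" > testing/service-account.json
+gcloud secrets versions access latest --secret="python-docs-samples-client-secrets" > testing/client-secrets.json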
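Review bot: Each `gcloud secrets versions access ... > file` line creates its target through the shell redirect before gcloud runs, with permissions set by the current umask. A failed fetch therefore leaves an empty `testing/test-env.sh` or `testing/service-account.json` behind, and a permissive umask leaves the credentials readable by other users on the host. Adding `umask 077` before the three calls, and stopping on the first failure with `set -euo pipefail` near the top (if it is not already set outside this hunk), would cover both. Reading `latest` also means a newly added secret version takes effect on the next CI run without any change in this repository, which deserves a comment in the script.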
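--- a/scripts/encrypt-secrets.sh
+++ b/scripts/encrypt-secrets.sh
@@ -20,10 +20,6 @@ ROOT=$( dirname "$DIR" )
 # Work from the project root.
 cd $ROOT
 
-read -s -p "Enter password for encryption: " PASSWORD
-echo
-
-tar cvf secrets.tar testing/{service-account.json,client-secrets.json,test-env.sh}
-openssl aes-256-cbc -k "$PASSWORD" -md sha256 \
--in secrets.tar -out testing/secrets.tar.enc
-rm secrets.tar
+gcloud secrets versions add "python-docs-samples-test-env" --data-file="testing/test-env.sh"
+gcloud secrets versions add "python-docs-samples-service-account" --data-file="testing/service-account.json"
+gcloud secrets versions add "python-docs-samples-client-secrets" --data-file="testing/test-env.sh"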
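Review bot: The third added line uploads the wrong file: it passes `--data-file="testing/test-env.sh"` for the `python-docs-samples-client-secrets` secret. Running this script would store the test environment file as the client secrets, and the decrypt script in this commit would then write that content to `testing/client-secrets.json`. The line should read `gcloud secrets versions add "python-docs-samples-client-secrets" --data-file="testing/client-secrets.json"`. Since each run publishes a new version that CI picks up through `latest`, a check that all three input files exist before the first upload would also help.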
Binary file removed testing/secrets.tar.enc
Binary file not shown.
